Configuring Forwarding Session Rules

By default, the NetScaler appliance does not create session entries for traffic that it only forwards (L3 mode). For a case in which a client request that the appliance forwards to a server results in a response that has to return by the same path, you can create a forwarding-session rule. A forwarding-session rule creates forwarding-session entries for traffic that originates from or is destined for a particular network and is forwarded by the NetScaler. You can create forwarding session rules for IPv4 traffic as well as IPv6 traffic.

When configuring an IPv4 forwarding-session rule, you can specify either an IPv4 network address or an extended ACL as the condition for identifying IPv4 traffic for which to create a forwarding-session entry:

  • Network address. When you specify an IPv4 network address, the appliance creates forwarding sessions for IPv4 traffic whose source or destination matches the network address.
  • Extended ACL rule. When you specify an extended ACL rule, the appliance creates forwarding sessions for IPv4 traffic that matches the conditions specified in the extended ACL rule.

When configuring an IPv6 forwarding-session rule, you can specify either an IPv6 prefix or an ACL6 as the condition for identifying IPv6 traffic for which to create a forwarding-session entry:

  • IPv6 prefix. When you specify an IPv6 prefix, the appliance creates forwarding sessions for IPv6 traffic whose source or destination matches the IPv6 prefix.
  • ACL6 rule. When you specify an ACL6 rule, the appliance creates forwarding sessions for IPv6 traffic that matches the conditions specified in the ACL6 rule.

To create an IPv4 forwarding session rule by using the NetScaler command line:

At the command prompt, type the following commands to create a forwarding-session rule and verify the configuration:

  • add forwardingSession <name> [<network> <netmask> ] | [-aclname <string>] -connfailover (ENABLED | DISABLED)

  • show forwardingSession

Example:

A network address as the condition:

> add forwardingSession fs-nw-1 10.102.105.51 255.255.255.255
 Done

An ACL as the condition:

> add forwardingSession fs-acl-1 acl1
 Done

To configure an IPv4 forwarding session rule by using the NetScaler GUI:

Navigate to System > Network > Forwarding Sessions, add a new IPv4 forwarding session, or edit an existing forwarding session.

To create an IPv6 forwarding session rule by using the NetScaler command line:

  • At the command prompt, type the following commands to create a forwarding-session rule and verify the configuration:

    • add forwardingSession <name> [<IPv6 prefix>] | [-acl6name <string>]
    • show forwardingSession

    Example:

    An IPv6 prefix as the condition:

    > add forwardingSession fsv6-pfx-1 3ffe::/64
     Done

    An ACL6 rule as the condition:

    > add forwardingSession fsv6-acl6-1 –acl6name ACL6-FS
     Done

To configure an IPv6 forwarding session rule by using the NetScaler GUI:

Navigate to System > Network > Forwarding Sessions, add a new IPv6 forwarding session, or edit an existing forwarding session.

Assigning an ACL rule to an Existing Forwarding Session Rule

You can assign an ACL rule to a Network-address/IPv6-prefix based forwarding session rule, in which case it becomes an ACL based forwarding session rule. You can also change an existing ACL rule to another ACL rule in an ACL based forwarding session rule. After the existing related forwarding session entries (if any) have timed out, the rules start using the newly assigned ACL to identify IPv4/IPv6 traffic for which to create a forwarding-session entry.

To assign an extended ACL rule to an existing IPv4 forwarding session rule by using the NetScaler command line:

At the command prompt, type

  • set forwardingSession <name> [-aclname <string>]
  • show forwardingSession <name>

To assign an ACL6 rule to an existing IPv6 forwarding session rule by using the NetScaler command line:

At the command prompt, type

  • set forwardingSession <name> [-acl6name <string>]
  • show forwardingSession <name>

Example:

> add forwardingSession FS-1 -aclname ACL-9
Done

> add forwardingSession FS6-1 –acl6name ACL6-9
Done

Disabling Steering for Forwarding Sessions on a Cluster Setup

The default behavior of a NetScaler cluster is for the node that receives traffic (flow receiver) to direct the traffic to another node (flow processor), which processes the traffic. Directing the traffic from flow receiver to flow processor occurs over the cluster backplane and is called steering.

Steering can be an overhead for real-time processing or when the setup includes high-latency links.

Steering for forwarding sessions can now be disabled so that the processing becomes local to the flow receiver. That is, the flow receiver becomes the flow processor.

Before you begin

Note the following points before configuring forwarding session rules in a cluster setup:

  • You must configure linksets to be used for forwarding sessions.
  • You must enable MAC Based Forwarding (MBF) on the cluster setup.

Configuring Forwarding Session Rules in a Cluster Setup

Disabling steering for forwarding session rules in a cluster setup can be done at the following two levels:

  • Specific forwarding session rule level. Enable the Process Local parameter while adding a new forwarding session rule or editing an existing forwarding session rule.
  • Global level. Enable the Process Local parameter while adding a new cluster instance or editing an existing cluster instance. The global setting takes precedence over the forwarding session rule setting.

NetScaler command line procedures

To disable steering for a forwarding session rule on a cluster setup by using the NetScaler command line:

At the command prompt, type one of the following sets of commands:

  • If adding a new forwarding session rule:

    • add forwardingSession <name> ((<network> [<netmask>]) | -acl6name <string> | -aclname <string>) -processLocal ENABLED
    • show forwardingSession <name>
  • If reconfiguring an existing forwarding session rule:

    • set forwardingSession <name> -processLocal ENABLED
    • show forwardingSession <name>

To disable steering for all (global level) forwarding session rules on a cluster setup by using the NetScaler command line:

At the command prompt, type one of the following sets of commands:

  • If adding a new cluster instance:

    • add cluster instance <clid> -processLocal Enabled
    • show cluster instance <clid>
  • If reconfiguring an existing cluster instance:

    • set cluster instance <clid> -processLocal Enabled
    • show cluster instance <clid>

Sample configuration:

Following are two examples of disabling steering at the forwarding session rule level, and an example of disabling steering at the global level.


An IPv4 forwarding session rule:

> add forwardingSession FWD-SESSN-PROCSS-LOCL-IPV4-1 10.102.105.51 255.255.255.255 -processLocal Enabled
Done

An IPv6 forwarding session rule:

> add forwardingSession FWD-SESSN-PROCSS-LOCL-IPV6-1 –acl6name ACL6-FWD-SESSN-1 -processLocal Enabled
Done

A cluster setup, with an instance ID 10, has steering disabled at global level:

> set cluster instance 10 -processLocal Enabled
Done

NetScaler GUI procedures

To disable steering for a forwarding session rule on a cluster setup by using the NetScaler GUI:

Navigate to System > Network > Forwarding Sessions, select Process Local while adding a new forwarding session rule or editing an existing forwarding session rule.

To disable steering for all (global level) forwarding session rules on a cluster setup by using the NetScaler GUI:

Navigate to System > Cluster, and select Process Local while adding a cluster configuration or modifying an existing cluster configuration.